dongzhan7909 2018-02-16 17:10
浏览 198

无效的内容验证签名(Python中的HMAC)

I need help with PHP to Python 3+ code conversion. By the link https://icobench.com/developers at Auth and examples section, you can find the code of a class for work with website API.

I already wrote Python class, but it doesn't work correctly.

import html
import io
import json
import hashlib
import hmac
import pycurl


class ICObenchAPI:
    private_key = ''
    public_key = ''
    api_url = 'https://icobench.com/api/v1/'
    result = None

    def get_icos(self, parameter='all', data=''):
        return self.send('icos/{0}'.format(parameter), data)

    def get_ico(self, ico_id, data=''):
        return self.send('ico/{0}'.format(str(ico_id)), data)

    def get_other(self, parameter):
        return self.send('other/{0}'.format(parameter), '')

    def get_people(self, parameter='registered', data=''):
        return self.send('people/{0}'.format(parameter), data)

    def send(self, action, data):
        data_json = json.dumps(data)
        print("data_json: ", data_json)

        #$sig = base64_encode(hash_hmac('sha384', $dataJson, $this->privateKey, true));

        signature = hmac.new(self.private_key.encode('utf-8'), msg=data_json.encode('utf-8'), digestmod=hashlib.sha384).hexdigest()

        print("signature: ", signature)
        headers = [
            'Content-Type: application/json',
            'Content-Length: {0}'.format(len(data_json)),
            'X-ICObench-Key: {0}'.format(self.public_key),
            'X-ICObench-Sig: {0}'.format(signature)
        ]
        print("headers: ", headers)
        buffer = io.BytesIO()
        action_url = self.api_url + action
        print("action_url: ", action_url)
        ch = pycurl.Curl()
        ch.setopt(pycurl.URL, action_url)
        ch.setopt(pycurl.POSTFIELDS, data_json)
        ch.setopt(pycurl.SSL_VERIFYPEER, False)
        ch.setopt(pycurl.HTTPHEADER, headers)
        ch.setopt(pycurl.WRITEFUNCTION, buffer.write)
        ch.perform()
        reply = buffer.getvalue().decode('UTF-8')
        ff = reply
        reply = json.loads(reply)
        if reply['error'] is not None:
            self.result = reply['error']
            return False
        elif reply['message'] is not None:
            self.result = reply['message']
            return True
        elif reply is not None:
            self.result = json.dumps(reply)
            return True
        else:
            self.result = html.escape(ff)
            return False

    def get_result(self):
        return self.result

A server already answering:

Invalid Content Verification Signature

I think the problem with HMAC part. What is wrong with my code? Thanks!

  • 写回答

1条回答 默认 最新

  • duandaodao6951 2018-02-16 17:51
    关注

    The problem was encoding! Correct way to use HMAC:

    hm = hmac.new(bytes(self.private_key, "ascii"), bytes(data_json, "utf-8"), hashlib.sha384)
signature = base64.b64encode(hm.digest()).decode('utf-8')
    评论

报告相同问题?

悬赏问题

  • ¥20 机器学习能否像多层线性模型一样处理嵌套数据
  • ¥20 西门子S7-Graph,S7-300,梯形图
  • ¥50 用易语言http 访问不了网页
  • ¥50 safari浏览器fetch提交数据后数据丢失问题
  • ¥15 matlab不知道怎么改,求解答!!
  • ¥15 永磁直线电机的电流环pi调不出来
  • ¥15 用stata实现聚类的代码
  • ¥15 请问paddlehub能支持移动端开发吗?在Android studio上该如何部署?
  • ¥20 docker里部署springboot项目,访问不到扬声器
  • ¥15 netty整合springboot之后自动重连失效